The US Federal Communications Commission (FCC) is tasked with regulating both wired and wireless communications, which also includes a national security component. This is how previously the FCC tossed networking gear made by Huawei and foreign-manufactured drones onto its Covered List, effectively banning it from sale in the US. Now foreign-made consumer routers have been added to this list, barring explicit conditional approval on said list that would exempt them during a ‘transition phase’.
As per the FCC fact sheet, this follows after determination by an interagency body that such routers “pose unacceptable risks to the national security of the United States [..]”. This document points us to the National Security Determination PDF, which attempts to lay out the reasoning. In it is noted that routers are an integral part of every day life, and compromised routers are a major risk factor, ergo it follows that only US-manufactured routers are to be trusted.
These – so far fictional – US-manufactured consumer routers would have to feature ‘trusted supply chains’, which would seem to imply onshoring a large industrial base, though without specifying how deep this would have to go it’s hard to say what would be involved. The ‘supporting evidence’ section also only talks about firmware-related vulnerabilities, which would imply that US firmware developers do not produce CVEs.
Currently there do not appear to be any specific details on what router manufacturers are supposed to do about this whole issue, though they can continue to sell previously FCC-approved routers in the US.
Although hardware backdoors are definitely a possibility, this requires a fair bit of effort within the supply chain that should generally also fairly easily to detect. Yet after for example Bloomberg claimed in 2018 that Supermicro gear had been infested with hardware backdoors, this started a years-long controversy.
Meanwhile actually verified issues with Supermicro hardware are boringly due to software CVEs. In that particular issue from 2024 two CVEs were discovered involving a lack of validation of a newly uploaded firmware image.
All of which is reminiscent of an early 2024 White House ‘memory safety appeal’ that smelled very strongly of red herring. Although it’s easy to point at compromised hardware with scary backdoors and sneaky software backdoors hidden deep inside firmware of servers and networking devices, the truth of the matter is that sloppy input validation is still by far the #1 cause of fresh CVEs each year, especially if you look at the CVEs that are actually being actively exploited.
As for this de-facto ban on new routers being sold in the US, this will correspondingly not change much here. The best defense against issues with networking equipment is still to practice network hygiene by keeping tabs on what is being sent on the LAN and WAN sides, while a government could e.g. force consumer routers to pass a strict independent hardware and software audit paid for by the manufacturer.
Speaking as someone who used to run DIY routers for the longest time built around FreeSCO and Smoothwall Linux, there’s also always the option of turning any old PC into a router by putting a bunch of NICs and WNICs into it and run SmoothWall, OpenWRT, etc.. A router is after all just a specialized computer, regardless of what the government feels that it identifies as.
This articles is written by : Nermeen Nabil Khear Abdelmalak
All rights reserved to : USAGOLDMIES . www.usagoldmines.com
You can Enjoy surfing our website categories and read more content in many fields you may like .
Why USAGoldMines ?
USAGoldMines is a comprehensive website offering the latest in financial, crypto, and technical news. With specialized sections for each category, it provides readers with up-to-date market insights, investment trends, and technological advancements, making it a valuable resource for investors and enthusiasts in the fast-paced financial world.